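<?php
// Password-change endpoint: takes a user id, the current password and the new
// password from the POST body, stores the new password hash when the checks
// below pass, and always answers with a redirect to edit_user.php.
//
// The full "<?php" tag is used so the script is still parsed (and not served
// as plain text) on installs where short_open_tag is disabled.

  error_reporting(E_ALL);
  // NOTE(review): display_errors=1 writes warnings and stack details into the
  // HTTP response. On a credential-handling endpoint that exposes paths and
  // internals, and any output emitted before header() stops the redirect.
  // Prefer logging to a file outside development.
  ini_set('display_errors', 1);

include_once 'private.inc.php';
include_once 'controller.inc.php';

// Accept only plain string fields. Absent fields and array-valued fields
// (e.g. "password[]=x") collapse to '' and are rejected before any hashing
// or database work is done.
$id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
$old_password = (isset($_POST['old_password']) && is_string($_POST['old_password'])) ? $_POST['old_password'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): the caller's identity is taken from the client-supplied
// 'user' cookie, which is not proof of identity on its own. The ownership
// check further down should be bound to a server-side session, and no
// anti-CSRF token is verified on this state-changing request.
$cookie_user = (isset($_COOKIE['user']) && is_string($_COOKIE['user'])) ? $_COOKIE['user'] : '';

$error = 'none';

if ($id === '' || $cookie_user === '') {
  $error = 'auth';
}
else if ($old_password === '' || $password === '') {
  // An empty new password would otherwise be hashed and stored.
  $error = 'password';
}
else {
  // NOTE(review): comparing a recomputed hash for equality only works if
  // encrypt_password() is deterministic; confirm it is not a fast unsalted
  // digest. password_hash()/password_verify() is the preferred pairing.
  $old_password_hash = (string) encrypt_password($old_password);
  $password_hash = encrypt_password($password);

  $db_link = db_connect();

  $user = db_getUser($id);
  if (!is_object($user)) {
    // db_getUser()'s not-found return value is not visible from this file;
    // anything that is not an object is treated as an authorization failure
    // instead of triggering a fatal error on the method calls below.
    $error = 'auth';
  }
  else if (!hash_equals((string) $user->getPassword(), $old_password_hash)) {
    // hash_equals() is a strict, constant-time string comparison. The loose
    // != operator compares numeric-looking strings (e.g. "0e...") as numbers,
    // which can make two different hashes compare as equal.
    $error = 'password';
  }
  else if ((string) $user->getEmail() !== $cookie_user) {
    $error = 'auth';
  }
  else {
    $user->setPassword($password_hash);
    db_updateUser($user);
  }

  db_disconnect($db_link);
}

if ($error === 'password') {
  header('Location: edit_user.php?failure=password');
}
else if ($error === 'auth') {
  header('Location: edit_user.php?failure=auth');
}
else {
  header('Location: edit_user.php?success=Password_changed');
}

// Stop here so nothing after the redirect header is executed or emitted.
exit;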
